Follow the author of this article

Follow the topics within this article

Solicitors are failing to warn clients about the risks of using email during property transactions, despite explicit guidelines from anti-fraud authorities and their own trade body, the Solicitors Regulation Authority.

Howard Mollett, who had was tricked into paying over £74,000 to a fraudster posing as his solicitor over email, said he was never warned about the threat of online criminals by his firm, Sethi Partnership, which is based in west London.

In fact, first-time buyer Mr Mollett, 40, said the firm only put a "cyber crime alert" at the bottom of their emails on the day he discovered he had become a victim of conveyancing fraud.

What are we paying solicitors for if not to guide us through buying a home, possibly the biggest transaction of our lives

The alert read: "Please be aware that there is a significant risk posed by cyber fraud, specifically affecting email accounts and bank account details.

"PLEASE NOTE that this firm's bank account details WILL NOT change during the course of a transaction and we WILL NOT change our bank account details via email. Please check account details with us in person if in any doubt. We will not accept responsibility if you transfer money into an incorrect bank account."

The Solicitors Regulation Authority has made repeated warnings to firms about the threat of online attacks since February 2014.

The fraudsters then generate fake emails purporting to be from one of the parties, asking the other to make payments in to a new bank account.

The payments are often very large, representing deposits on properties or in some cases the entire proceeds of a property sale.

Once the money has been paid, the criminals drain the accounts.

The banks involved are frequently unhelpful and slow to act.

In December 2016 the Solicitors Regulation Authority identified conveyancing fraud as the most common cyber crime in the legal sector. It suggested that a quarter of firms had been targeted by online fraudsters. In one in 10 of these cases money had been stolen as a result, it said.

There are 10,500 solicitor firms in England and Wales, according to the SRA.

Based on its own numbers 2,625 companies have been targeted by fraudsters, with criminals having been successful in almost 300 cases. But under-reporting of cases and size of the loss means the actual numbers are likely to be far greater.

Mr Mollett, who works at a charity, successfully transferred a downpayment of just over £32,500 to Sethi Partnership's HSBC bank account in August last year.

On Friday September 23, the firm emailed a summary of his outstanding final costs. His outstanding balance was £119,837 for a one-bed flat in Brixton, south London, which cost £310,000. The firm insisted this needed to be in its account before completion on October 5.

He tried to make a same day transfer of £45,000 the following Thursday while working abroad in the US. However, a message appeared on his online banking that said the transfer could take up to three days to clear.

Mr Mollett could not pay off the balance in one go as he had a daily transfer limit of £50,000. However, he was anxious about missing his completion date so emailed Sethi Partnership for advice.

It was then the fraudsters pounced.

Posing as Mr Mollett's solicitor, the criminal said the firm was having issues with its HSBC account and requested the remaining funds be paid into an alternative Yorkshire Building Society account.

He transferred £42,000 into the account on Friday 30th and £25,000 the following day.

On Sunday Mr Mollett received another email from the bogus solicitor asking for the last £7,837 to be paid into a NatWest account as it was below £10,000.

He was told the solicitor would be in touch on Tuesday to make completion arrangements for Wednesday.

However, on Tuesday, Mr Mollett received a genuine email from the firm stating it had only received the first £45,000 payment.

It was at that moment Mr Mollett saw the cyber security alert at the bottom of the message and realised something had "gone seriously wrong".

He immediately called his bank, the police and in desperation, Yorkshire Building Society and NatWest.

Over the next few days Mr Mollett, his parents and his sister manage to scrape their savings and replace the missing funds so the property purchased completed.

The last payment to NatWest was recovered but the £67,000 has yet to be returned.

Mr Mollett described the situation as "incredibly stressful".

His father, who is 72 and not in the best of health, was due to retire in December but has been forced to carry on working as he now has no savings.

Mr Mollett's parents and sister had to plug the £74,000 gap so he could complete his property purchases

He said: "The SRA has a name for this kind of fraud, for goodness sake. Why wasn't the firm on top of it? It should have warned me about cyber security and explained it would never offer alternative bank accounts by email?

"What are we paying solicitors for if not to guide us through buying a home, possibly the biggest transaction of our lives?"

Mr Mollett is seeking the advice of a lawyer and cyber security expert. He believes if he can prove Sethi Partnership's systems were compromised he will get his money back.

Sethi Partnership refused to comment on why it did not warn Mr Mollett about cyber crime or what prompted it to add the alert to its emails.

It said it takes the issue seriously and has the required "compliance measures in place". It said it sends bank details in hard copy rather than email.

Mr Mollett's case is currently being investigated by the firm, the police and the banks. Sethi Partnership said that while it "could not comment directly" it had "never had to deal with an incident like this before".